Firewalls, VPNs, and network devices require extra scrutiny when it comes to security, given the current threat landscape. New findings from Eclypsium highlight missing and misconfigured security controls (bootloader & UEFI vulns)... Our latest findings are here: https://eclypsium.com/research/pandoras-box-vulns-in-security-appliances/ (including a demo exploit video).
In support of Larry and Bill's talk (10am Sunday: Detecting BLE Trackers for the price of a Gas Station Hot Dog) I am bringing some things to Shmoocon this weekend!
Who will be at Shmoocon? I will be there and welcome you with open arms :)
Bringing in the new year with some fresh research from Eclypsium, this time DNA sequencers are at risk: https://buff.ly/3PqKuwo
On the latest episode of Paul's Security Weekly, Bill, Larry and myself discussed "hacker gadgets" including some of our favorite ESP32 and Raspberry Pi devices and firmware. Check it out and let us know your favorite hacker gadgets!
Show notes: https://buff.ly/3VqDL92
If you believe you are not a target, attackers are not using UEFI implants and firmware backdoors, then read this: https://eclypsium.com/blog/pacific-rim-chronicling-a-5-year-hacking-escapade/ - The post includes a detailed analysis of the command run by the attackers to deploy a UEFI implant, and an attack demo from my co-worker Mickey!
MJG did a great job of explaining why some dual-boot systems are unable to boot after MS pushed an SBAT update: https://buff.ly/3YYohvt (The title is amusing) Also, don't just go blaming MS, you should be running up-to-date versions of your bootloaders too.
Fortune Cookie literally telling me how to live my corporate life
When the project is on its 3rd lead developer...
Still fishing for the solution
So, I need to grow my beard out?
I knew all that knowledge would come in handy someday! (I actually was a developer on that platform, a long time ago...)
Jackpot!
Don't disrupt the flow!
How many computers have you used that needed this?
More nerd humor
It's interesting to see the industry react to the AMD sinkclose vulnerability. The advice is to "patch immediately!", quickly followed by "Well, if you can". Due to the complex supply chain, AMD has to release a fix, and then an OEM has to release a BIOS/UEFI update that in turn updates your AGESA version. Long story short, I have a vulnerable machine and am waiting on the OEM for an update. Eclypsium's product was the best way to determine which version I am running:
Yet another reason I use Arch BTW
LOL - Love this
"This is Mr. Eddie Vedder, from Accounting. I just had a power surge here at home that wiped out a file I was working on. Listen, I'm in big trouble, do you know anything about computers?"